Phishing

Part of a series on Internet Slang. [View Related Entries]

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.

This submission is currently being researched & evaluated!

You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.

About

Phishing is a neologism used to describe attempts to obtain sensitive information by masquerading as a reputable company or organization in electronic communications. Typically, phishing attempts are carried out through email and instant messaging services, which direct targets to fake websites that are designed to appear identical to official banks, social media platforms or other password-protected services.

Origin

In 1987, a presentation was delivered at the International HP Users Group, which described a phishing-style technique. The term "phishing" is believed to have been coined by hacker Khan C. Smith in the 1990s, but the first archived use of the term was found in the 1994 hacking tool AOHell,^[1] which contained a function for stealing the passwords of America Online users.

Spread

In June 2001, the earliest phishing attempt against a payment system was directed toward the digital gold currency service E-Gold.^[2] In 2003, the financial affairs publication The Banker reported on the earliest known phishing attempt against a retail bank in an article titled "Battle Against Identity Theft."^[3] According to the American research and advisory firm Gartner, phishing attacks increased by 28% between May 2004 and May 2005, with an estimated 2.4 American victims and approximately $929 million in losses. In October 2007, The Washington Post^[4] reported that nearly half of phishing thefts in 2006 were orchestrated by various operations maintained by the St. Petersburg-based Russian Business Network. That year, Gartner^[6] reported that an estimated 2.6 million adults lost $3.2 billion due to phishing scams. On June 14th, 2008, the /r/phishing^[5] subreddit was launched for discussions about the scamming practice. On August 21st, 2013, YouTuber Cyber51Security posted a video demonstrating how phishing attacks working by fishing a bag containing the words "user name" and "password" out of a small bucket filled with water labelled "Internet" (shown below).

On April 30th, 2014, YouTuber minutephysics uploaded a video about a sophisticated YouTube phishing attack (shown below, left). Within three years, the video gained over 1.46 million views and 2,700 comments. On October 14th, Trend Micro released a ad parodying phishing attacks titled "Phishing Scams – Don't Be That Guy" (shown below, right).

2017 Google Docs Spear-phishing Attack

In early May 2017, people began receiving fraudulent emails with fraudulent notifications that they had been shared on various Google Docs, along with a fake "Open in Docs" button. On May 3rd, Twitter user @zachlatta shared a GIF of himself viewing one of the emails, referring to the attack as "super sophisticated" (shown below).

zeynep</a> Just got this as well. Super sophisticated. <a href="https://t.co/l6c1ljSFIX">pic.twitter.com/l6c1ljSFIX</a></p>— Zach Latta (zachlatta) May 3, 2017

That day, Redditor JakeSteam submitted a post explaining how the attack works to /r/google,^[7]^[7] where it received upwards of 13,900 votes (94% upvoted) and 1,100 comments. Within the hour, Google disabled the spammer developer account used to orchestrate the attack. Shortly after, Redditor methreethatis submitted JakeSteam's post to /r/bestof^[8] titled "u/JakeSteam posts info for phishing email impersonating Google Docs, scam gets stopped within 30 mins."